Grayshift Increases Price as it Struggles to Hack iPhones

· Andrew Orr · Link

iPhone X with GrayKey password hacker

iOS forensics company Grayshift was forced to raise its prices last year, noting that “Forensic Access to iOS continues to increase in difficulty and complexity.”

“I think it’s going to get harder and harder to find these kinds of unlocking flaws, because Apple does control the entire stack,” Alex Stamos, director of the Stanford Internet Observatory and former Facebook chief security officer, previously told Motherboard. “I think a couple more hardware revisions of understanding the ways that these unlocks are happening and [Apple is] going to make it extremely difficult. Which then will bring this debate back…”

It’s a complex issue. On one hand it’s good news for Apple customers. On the other hand, it makes the government is fight tooth and nail to take away our security.

How Worried Should You Be About Public USB Charging Stations?

· Andrew Orr · Link

Today DuckDuckGo published a post about the risks of using public charging stations. Technology exists that lets hackers install malware via these chargers. While I personally think the risk is a bit overblown, this is an argument I think can be added in favor of a portless iPhone.

Although it has become synonymous with charging, USB technology was initially developed with the aim of transmitting data. Thus, hackers can use these public charging stations to install malware on your smartphone or tablet through a compromised USB cable. This process, called “juice jacking”, allows hackers to read and export your data, including your passwords. They can even lock your device this way, rendering it unusable.

Do You Own a Tesla? It’s Vulnerable to Hacking

· Andrew Orr · Link

Security experts found that Teslas are vulnerable to certain kinds of hacks. One expert, Brian DeMuth, said there are no easy ways to prevent it, but you can take some measures.

There are a few things that can reduce the risk if you are willing to accept diminished functionality in the car. For example, the telematics unit can be removed from the vehicle to eliminate attacks over the cellular network, but this also will prevent mobile apps and other remote functionality from working. Removing the telematics unit could also trigger warnings and other errors to appear in the instrument cluster or infotainment system.

Patch Your Netgear Router Because it Could Get Hacked

· Andrew Orr · Link

Netgear is pushing out security patches for its networking products this week. They contain flaws that could open them up to hackers.

Modem/routers:

D6200, D6220, D6400, D7000, D7000v2, D7800, D8500

Range extenders:

PR2000

Routers:

JR6150, R6120, R6220, R6230, R6250, R6260, R6400, R6400v2, R6700, R6700v2, R6700v3, R6800, R6900,  R6900P, R6900v2, R7000, R7000P,  R7100LG, R7300DST, R7500v2, R7800, R7900, R7900P, R8000, R8000P, R8300, R8500, R8900, R9000, RAX120, RBR20 (Orbi), RBS20 (Orbi), RBK20 (Orbi), RBR40 (Orbi), RBS40 (Orbi), RBK40 (Orbi), RBR50 (Orbi), RBS50 (Orbi), RBK50 (Orbi), XR500, XR700

Someone Hacked J.Crew Last Spring and we Only Find Out Today

· Andrew Orr · Link

According to a notice [PDF] from J.Crew, someone hacked the company last year. For some reason we’re only finding out about it today, a year later.

“The information that would have been accessible in your jcrew.com account includes the last four digits of credit card numbers you have stored in your account, the expiration dates, card types, and billing addresses connected to those cards, and order numbers, shipping confirmation numbers, and shipment status of those orders,” J.Crew’s data breach notification explains.

You know, sometimes when I write about this stuff, like Facebook doing every bad thing under the sun with our data, I stop and think: “Am I just a cynical a**hole?” Then, when yet another idiot company has a data breach, I realize, no I’m just reporting reality. These companies deserve to be named and shamed.

HackerOne Punished Researchers Who Disclosed PayPal Bugs

· Andrew Orr · Link

HackerOne is a bug bounty platform that connects companies with security researchers. Recently, when researchers used the platform to disclose six PayPal vulnerabilities, they were punished.

When our analysts discovered six vulnerabilities in PayPal…we were met with non-stop delays, unresponsive staff, and lack of appreciation…When we pushed the HackerOne staff for clarification on these issues, they removed points from our Reputation scores, relegating our profiles to a suspicious, spammy level.

This happened even when the issue was eventually patched, although we received no bounty, credit, or even a thanks…We’ll assume that HackerOne’s response is representative of PayPal’s response.

SlickWraps Was Hacked, But Hasn’t Done Anything About It

· Andrew Orr · Link

SlickWraps makes skins for iPhones and Androids. It was recently hacked, but fortunately by a white hat hacker without malicious intentions. The story behind it is fascinating, especially because the company has blocked him and so far has failed to do anything about it.

To say I went to great lengths to treat SlickWraps equitably would be an understatement. Candidly, after the staggering number of primitive security flaws exhibited by their administrators (e.g. the vulnerability to Dirty COW, an exploit which was patched in 2016), I question whether they deserved the leniency I am about to describe.

Update: Other people are hacking the company too. One of them sent emails to SlickWraps customers, telling them to tweet and email the company, which responded to the incident on Twitter.

Iran Hackers Put Backdoors in VPN Servers

· Andrew Orr · Link

A new report finds that hackers from Iran have been putting backdoors in VPN servers around the world in the “Fox Kitten Campaign.” It sounds like affected companies provide VPN for enterprise, rather than consumers. ZDNet suggests Pulse Secure, Palo Alto Networks, Fortinet, and Citrix.

Though [sic] the campaign, the attackers succeeded in gaining access and persistent foothold in the networks of numerous companies and organizations from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world.

Ransomware Hackers Now Want Your Nudes

· Andrew Orr · Link

Security researchers discover a new form of blackmail from ransomware hackers: They demand nudes instead of money.

While most ransomware strains require monetary compensation in return for a decryptor, Ransomwared is demanding a more unusual payment. Once a computer is infected, a pop up will appear and demand that the victim send the author pictures of “tits” in exchange for an “unlock code.”

Maybe this speaks to my cynicism or just the fact that the world is filled with bad people. But I’m honestly surprised I haven’t heard of this type of ransomware extortion sooner. You could just send random porn, they wouldn’t be able to know if they’re actually your nudes. But they might ask you to hold up a sign with the current date as proof that it’s you. However, what if you just searched online for a nude with a sign, then photoshopped the current date on it? Okay, I need to stop. This is why Charlotte worries about me.

Chinese Military Charged With Equifax Data Breach

· Andrew Orr · Link

Four Chinese military hackers have been charged with breaking into Equifax’s network and stealing the data of tens of millions of Americans.

The accused hackers exploited a software vulnerability to gain access to Equifax’s computers, obtaining log-in credentials that they used to navigate databases and review records. The indictment also details efforts the hackers took to cover their tracks, including wiping log files on a daily basis and routing traffic through dozens of servers in nearly 20 countries.

Reminder that Equifax executives did insider trading based on the breach. They are criminals.

Hackers Dump 70,000 Tinder Photos of Women

· Andrew Orr · Link

Tinder logo

Over 70,000 Tinder photos of women have been dumped in an online forum for cybercrime.

Contextual clues, including particular phone models like the iPhone X seen in the photographs, as well as limited metadata, suggest that many of the (mostly) selfies were taken in recent years. Some of the photos, in fact, contain timestamps dated as recent as October 2019.

Tinder also noted that all of the photos are public and can be viewed by others through regular use of the app; although, obviously, the app is not designed to help a single person amass such a massive quantity of images. The app can also only be used to view the profiles of other users within 100 miles.

Emphasis mine.

Texas Sees Surge in Iranian Cyber Attacks

· Andrew Orr · Link

Texas officials say they’ve seen an increase in Iranian cyber attacks. Over the past two days as many as “10,000 probes…per minute” came from the country.

Speaking after a meeting of the Texas Domestic Terrorism Task Force, of which she’s a member, Crawford of the state information resources agency said as far as she knows, none of the attempted cyberattacks on state government networks originating in Iran have been successful.

Travelex Infected With Sodinokibi Ransomware, Attacker Wants $3M

· Andrew Orr · Link

A cyber attack infected international foreign currency exchange Travelex with Sodinokibi ransomware. The attackers are demanding US$3 million.

The attack occurred on December 31 and affected some Travelex services. This prompted the company to take offline all its computer systems, a precaution meant “to protect data and prevent the spread of the virus.”

We were told that they deleted the backup files and that the ransom demanded was $3 million; if not paid in seven days (countdown likely started on December 31), the attackers said they will publish the data they stole.

iVerify Can Detect if Your iPhone has Been Jailbroken

· Andrew Orr · Cool Stuff Found

iVerify is a security toolkit for iPhones and iPads. It can check the security of your device to see if modifications have taken place, such as jailbreaking or other forms of hacking. It also has a Safari content blocker.

iVerify is your personal security toolkit. Use iVerify to manage the security of your iOS device and detect modifications to your smartphone. iVerify makes it easy to manage the security of your accounts and online presence with simple instructional guides.

I’m curious to see how long it will last. I’ve used two similar apps in the past that offered the same modification detection, but both were removed from the App Store. I don’t know if it was Apple’s doing or if each company independently removed it. App Store: US$4.99

iVerify Can Detect if Your iPhone has Been Jailbroken

NordVPN Falls Victim to Credential-Stuffing Attack

· Andrew Orr · Link

About 2,000 NordVPN users have fallen victim to credential-stuffing attacks that let third-parties access their accounts.

While it’s likely that some accounts are listed in multiple lists, the number of user accounts easily tops 2,000. What’s more, a large number of the email addresses in the list I received weren’t indexed at all by Have I Been Pwned, indicating that some compromised credentials are still leaking into public view. Most of the Web pages that host these credentials have been taken down, but at the time this post was going live, at least one remained available on Pastebin, despite the fact Ars brought it to NordVPN’s attention more than 17 hours earlier.

NordVPN emailed all the publishers that have reported on its hack. In my opinion the company has been trying to downplay it. We’ll see if its recent security measures will improve the service, or if it’s lip service.

AvengerCon: The Return of a Hack Convention for the Military

· Andrew Orr · Link

AvengerCon is a hacking convention for members of the US Cyber Command and government cyber operations community at the US CYBERCOM DreamPort facility.

AvengerCon is an event that is attracting the very best talent both from our DoD participants and also from some of the folks that are working with us outside of the DoD,” Luber said. “When you bring those very best cyber experts together, they get to learn, test out new ideas, and work in an environment that is hosted by and for DoD cyber operations community experts.